Australian Pizza Hut customers served a deep dish of info leaks

Pizza chain says names and contact info exposed, not credit cards.

On Tuesday night, hackers defaced the Australian website of Pizza Hut and made off with customers' personal data, including names, email addresses and other contact information.

"It has come to my attention that we have absolutely ripped apart your internal security systems," the hackers (using the names 0-day and Pyknic) posted on the Pizza Hut site as part of their defacement. The defacement also included a claim that over 240,000 credit card numbers had been stolen, and the personal details of 60,000 customers registered on the site. To add insult to injury, the defacement also included a link to the website of Domino's Australia, Pizza Hut's competitor.

A screenshot of the defacement of pizzahut.com.au on November 7.

Pyknic was also a tag used in the defacement of NBC's sites and of the Gaga Daily fan page on November 4, which exploited a recently-discovered security flaw in Invision Power's IP.Board software. On November 6, Invision Power issued an updated patch for that flaw.

In a statement to Gizmodo Australia, Pizza Hut's Australian general manager Graeme Houston confirmed the breach and loss of customer data, but claimed no credit card data had been intercepted. "We would like to reassure all of our customers that absolutely no credit card information was stolen and there is no need for concern regarding credit cards," Houston said. "The security of our online ordering system has not been compromised in any way and our customers can continue to order online in the knowledge the ordering system is secure."

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.